Affiliations: [a] School of Computer Information Engineering, Jiangxi Normal University, China
| [b] Management Science and Engineering Research Center, Jiangxi Normal University, China
| [c] School of Digital Industry, Jiangxi Normal University, China
Correspondence:
[*]
Corresponding author. Qing Huang and Zhengkang Zuo, School of Computer Information Engineering, Jiangxi Normal University, China. E-mails: qh@whu.edu.cn (Qing Huang) and zuo803@jxnu.edu.cn (Zhengkang Zuo).
Note: [1] Huiwen Jiang and Changjing Wang are co-first authors.
Note: [2] Qing Huang and Zhengkang Zuo are equally allocated to this work.
Abstract: The smart contract, a self-executing program on the blockchain, is key to programmable finance. However, the rise of smart contract use has also led to an increase in vulnerabilities that attract illegal activity from hackers. Traditional manual approaches for vulnerability detection, relying on domain experts, have limitations such as low automation and weak generalization. In this paper, we propose a deep learning approach that leverages domain-specific features and an attention mechanism to accurately detect vulnerabilities in smart contracts. Our approach reduces the reliance on manual input and enhances generalization by continuously learning code patterns of vulnerabilities, specifically detecting various types of vulnerabilities such as reentrancy, integer overflow, forced Ether injection, unchecked return value, denial of service, access control, short address attack, tx.origin, call stack overflow, timestamp dependency, random number dependency, and transaction order dependency vulnerabilities. In order to extract semantic information, we present a semantic distillation approach for detecting smart contract vulnerabilities. This approach involves using a syntax parser, Slither, to segment the code into smaller slices and word embedding to create a matrix for model training and prediction. Our experiments indicate that the BILSTM model is the best deep learning model for smart contract vulnerability detection task. We looked at how domain features and self-attentiveness mechanisms affected the ability to identify 12 different kinds of smart contract vulnerabilities. Our results show that by including domain features, we significantly increased the F1 values for 8 different types of vulnerabilities, with improvements ranging from 7.35% to 48.58%. The methods suggested in this study demonstrate a significant improvement in F1 scores ranging from 4.18% to 38.70% when compared to conventional detection tools like Oyente, Mythril, Osiris, Slither, Smartcheck, and Securify. This study provides developers with a more effective method of detecting smart contract vulnerabilities, assisting in the prevention of potential financial losses. This research provides developers with a more effective means of detecting smart contract vulnerabilities, thereby helping to prevent potential financial losses.
